Providing Auditor Qualifications (was Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications)

2021-03-30 Thread Ben Wilson via dev-security-policy
All, Here, for your review and comment, is the final version of the wiki page guidance on providing auditor qualifications. I appreciate the input we received from ETSI and WebTrust audit groups on this current version. https://wiki.mozilla.org/CA/Audit_Statements

Re: Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-03-26 Thread Ben Wilson via dev-security-policy
All, As discussed previously, here is a draft amendment to the Audit Statements wiki page for your review and comment: https://wiki.mozilla.org/CA/Audit_Statements#Providing_Auditor_Qualifications Sincerely yours, Ben

AW: Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-03-11 Thread Wanko Clemens via dev-security-policy
rz 2021 00:31 To: mozilla-dev-security-policy Subject: EXT: Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report All, Kathleen and I discussed the language of this proposal and have modified it for MRSP section 3.2 as follows: "A Qu

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-03-08 Thread Ben Wilson via dev-security-policy
All, Kathleen and I discussed the language of this proposal and have modified it for MRSP section 3.2 as follows: "A Qualified Auditor MUST have relevant IT Security experience, or have audited a number of CAs, and be independent. Each Audit Report MUST be accompanied by documentation provided to

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-02-18 Thread Ben Wilson via dev-security-policy
All, I have edited the proposed resolution of Issue #192 as follows: Subsection 3 of MRSP Section 3.1.4. would read: "The publicly-available documentation relating to each audit MUST contain at least

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-02-15 Thread Watson Ladd via dev-security-policy
On Monday, February 15, 2021 at 3:07:12 PM UTC-8, Jeff Ward wrote: > On Monday, February 15, 2021 at 4:11:15 PM UTC-6, Ryan Sleevi wrote: > > Apologies for belaboring the point, but I think we might be talking past > > each other. > > > > You originally stated “The only place I am aware that lis

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-02-15 Thread Ryan Sleevi via dev-security-policy
On Mon, Feb 15, 2021 at 6:07 PM Jeff Ward via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Ryan, I hope you are not suggesting I am dodging you points. That would > be absurd. Let me use different words as comparable world seems to be > tripping you up. I'm not trying

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-02-15 Thread Jeff Ward via dev-security-policy
On Monday, February 15, 2021 at 4:11:15 PM UTC-6, Ryan Sleevi wrote: > Apologies for belaboring the point, but I think we might be talking past > each other. > > You originally stated “The only place I am aware that lists the audit > partner in a comparable world is the signing audit partner on p

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-02-15 Thread Ryan Sleevi via dev-security-policy
Apologies for belaboring the point, but I think we might be talking past each other. You originally stated “The only place I am aware that lists the audit partner in a comparable world is the signing audit partner on public company audits in the US, which is available on the SEC website.” I gave tw

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-02-15 Thread Jeff Ward via dev-security-policy
sonal investments, to ensure they > > remain independent. > > > > Also, WebTrust practitioners provide information on the firm and the > > professionals used on these engagements. The information provided is > > closely aligned with the Auditor Qualifications you are des

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-02-15 Thread Ryan Sleevi via dev-security-policy
nformation on the firm and the > professionals used on these engagements. The information provided is > closely aligned with the Auditor Qualifications you are describing. As you > know, CPA Canada provides a listing of qualified audit firms on its > website. Working closely with them co

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-02-15 Thread Jeff Ward via dev-security-policy
rience, or have > audited a number of CAs, and be independent and not conflicted. Individuals > have competence, partnerships and corporations do not. Each Audit Report > MUST be accompanied by documentation provided to Mozilla of individual > auditor qualifications sufficient

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-02-11 Thread Ben Wilson via dev-security-policy
competence, partnerships and corporations do not. Each Audit Report MUST be accompanied by documentation provided to Mozilla of individual auditor qualifications sufficient for Mozilla to determine the competence, experience, and independence of the Qualified Auditor." See https://github.com/Be

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-01-28 Thread Ryan Sleevi via dev-security-policy
On Thu, Jan 28, 2021 at 3:05 PM Ben Wilson wrote: > Thanks. My current thinking is that we can leave the MRSP "as is" and > that we write up what we want in > https://wiki.mozilla.org/CA/Audit_Statements#Auditor_Qualifications, > which is, as you note, information about members of the audit team

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-01-28 Thread Ben Wilson via dev-security-policy
Thanks. My current thinking is that we can leave the MRSP "as is" and that we write up what we want in https://wiki.mozilla.org/CA/Audit_Statements#Auditor_Qualifications, which is, as you note, information about members of the audit team and how individual members meet #2, #3, and #6. On Thu,

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-01-28 Thread Ryan Sleevi via dev-security-policy
On Thu, Jan 28, 2021 at 1:43 PM Ben Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On second thought, I think that Mozilla can accomplish what we want without > modifying the MRSP > < > https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/p

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-01-28 Thread Ben Wilson via dev-security-policy
On second thought, I think that Mozilla can accomplish what we want without modifying the MRSP (which says audits MUST be performed by a Qualified Auditor, as defined in the Baseline Requirements sect

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-01-26 Thread Ben Wilson via dev-security-policy
Thanks, Clemens. I'll take a look. Also, apparently my redlining was lost when my message was saved to the newsgroup. I'll see if I can re-post without the text formatting of strikeouts and underlines. On Tue, Jan 26, 2021 at 10:24 AM Clemens Wanko via dev-security-policy < dev-security-policy@l

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-01-26 Thread Clemens Wanko via dev-security-policy
Hi Ben, looking at what was suggested so far for section 3.2, it seems that the BR combine and summarize under "qualified" in the BR section 8.2 what you and Kathleen describe with the definitions for "competent" and "independent" parties. Based upon that, MRSP section 3.2 could be structured i

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2021-01-24 Thread Ben Wilson via dev-security-policy
Here is my attempt to reword section 3.2 based on combining MRSP version 2.4.1 with version 2.7. My approach was to align the concepts of "competent", "independent" and "qualified" with their more-accepted meanings. Version 2.4.1 and earlier versions of the Mozilla Root Store Policy mixed some of t

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-14 Thread Kathleen Wilson via dev-security-policy
On 11/13/20 1:43 PM, Ryan Sleevi wrote: In this regard, the principles from Mozilla's 1.0 Certificate Policy provide a small minimum, along with some of the language from, say, the FPKI, regarding technical competencies. The basis here is simply for the auditor to *disclose* why they believe they

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-13 Thread Ryan Sleevi via dev-security-policy
On Thu, Nov 12, 2020 at 7:27 PM Kathleen Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > I am very much in favor of increasing transparency about the > qualifications of the auditors providing audit statements for CAs in our > program. However, I think that we need

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-12 Thread Kathleen Wilson via dev-security-policy
PS: In the meantime, we will continue to verify auditor qualifications as described here: https://wiki.mozilla.org/CA/Audit_Statements#Auditor_Qualifications On 11/12/20 4:27 PM, Kathleen Wilson wrote: > It is proposed in Issue #192 > <https://github.com/mozilla/pkipolicy/issues/

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-12 Thread Kathleen Wilson via dev-security-policy
need to be verified as a qualified auditor? Or just the lead auditor? - How are the qualifications of the auditors communicated in conjunction with the audit statement(s)? - Who is responsible for verifying auditor qualifications? - Who is responsible for maintaining the list of known qua

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-09 Thread Ryan Sleevi via dev-security-policy
On Mon, Nov 9, 2020 at 11:53 AM Clemens Wanko via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Hi Ryan, hi all, > well, isn’t the point to make here just, that there are multiple ways to > ensure proper auditor qualification? No matter which way you like to go > however, y

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-09 Thread Dimitris Zacharopoulos via dev-security-policy
Thank you Ben, this is really helpful. Dimitris. On 2020-11-09 6:52 p.m., Ben Wilson via dev-security-policy wrote: Hi Dimitris, I intend to introduce the remaining discussion topics over the next three weeks. I did not announce an end to the discussion period on purpose, so that we can have a

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-09 Thread Clemens Wanko via dev-security-policy
Hi Ryan, hi all, well, isn’t the point to make here just, that there are multiple ways to ensure proper auditor qualification? No matter which way you like to go however, you must define the details of your regime: what is the criteria you require the auditor to fulfill, how do you organize that

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-09 Thread Ben Wilson via dev-security-policy
Hi Dimitris, I intend to introduce the remaining discussion topics over the next three weeks. I did not announce an end to the discussion period on purpose, so that we can have as full of a discussion as possible. Also, in the next three weeks, I intend to start summarizing the discussions and com

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-09 Thread Dimitris Zacharopoulos via dev-security-policy
On 7/11/2020 3:12 p.m., Ryan Sleevi wrote: On Sat, Nov 7, 2020 at 4:52 AM Dimitris Zacharopoulos mailto:ji...@it.auth.gr>> wrote: I will try to further explain my thoughts on this. As we all know, according to Mozilla Policy "CAs MUST follow and be aware of discussions in the

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-08 Thread Jeff Ward via dev-security-policy
On Saturday, November 7, 2020 at 10:36:58 AM UTC-6, Ryan Sleevi wrote: > On Sat, Nov 7, 2020 at 9:21 AM Jeff Ward via dev-security-policy < > dev-secur...@lists.mozilla.org> wrote: > > > Sure Ryan, the answer is quite simple. When I used the word "public" in > > my post, I should have been more

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-07 Thread Ryan Sleevi via dev-security-policy
On Sat, Nov 7, 2020 at 9:21 AM Jeff Ward via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Sure Ryan, the answer is quite simple. When I used the word "public" in > my post, I should have been more clear as to the nuance of this concept. > Public reports by definition are

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-07 Thread Jeff Ward via dev-security-policy
On Friday, November 6, 2020 at 1:13:43 PM UTC-6, Ryan Sleevi wrote: > On Fri, Nov 6, 2020 at 12:31 PM Jeff Ward via dev-security-policy < > dev-secur...@lists.mozilla.org> wrote: > > > Audit reports, whether for WebTrust, financial statements, or other forms > > of engagement reports providing

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-07 Thread Ryan Sleevi via dev-security-policy
On Sat, Nov 7, 2020 at 4:52 AM Dimitris Zacharopoulos wrote: > > I will try to further explain my thoughts on this. As we all know, > according to Mozilla Policy "CAs MUST follow and be aware of discussions in > the mozilla.dev.security.policy >

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-07 Thread Dimitris Zacharopoulos via dev-security-policy
I will try to further explain my thoughts on this. As we all know, according to Mozilla Policy "CAs MUST follow and be aware of discussions in the mozilla.dev.security.policy forum, where Mozilla's root program is coordinated". I bel

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-06 Thread Ryan Sleevi via dev-security-policy
On Fri, Nov 6, 2020 at 6:08 PM Dimitris Zacharopoulos via dev-security-policy wrote: > Can other people, except Ryan, follow this thread? I certainly can't. Too > much information, too much text, too many assumptions, makes it impossible > to meaningfully participate in the discussion. These ar

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-06 Thread Dimitris Zacharopoulos via dev-security-policy
Can other people, except Ryan, follow this thread? I certainly can't. Too much information, too much text, too many assumptions, makes it impossible to meaningfully participate in the discussion.

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-06 Thread Jakob Bohm via dev-security-policy
On 2020-11-06 18:31, Jeff Ward wrote: > ... Audit reports, whether for WebTrust, financial statements, or other forms of engagement reports providing assurance to users of the information, do not include specific audit team members’ names. Simply stated, this desire to include individual aud

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-06 Thread Ryan Sleevi via dev-security-policy
On Fri, Nov 6, 2020 at 12:00 PM Clemens Wanko via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Hi Ryan, hi all, > three things to comment on that: > > 1. How is the EU ETSI audit scheme thought and what is it intended to > provide to Mozilla and the CA/Browser ecosyst

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-06 Thread Ryan Sleevi via dev-security-policy
On Fri, Nov 6, 2020 at 12:31 PM Jeff Ward via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Audit reports, whether for WebTrust, financial statements, or other forms > of engagement reports providing assurance to users of the information, do > not include specific audit tea

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-06 Thread Jeff Ward via dev-security-policy
mation security tools > and techniques, information technology and security auditing, and the > third-party attestation function," that fact needs evidence in order to be > established. The proposed resolution of this Issue #192 intends to > accomplish that. > > This propos

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-06 Thread Clemens Wanko via dev-security-policy
Hi Ryan, hi all, three things to comment on that: 1. How is the EU ETSI audit scheme thought and what is it intended to provide to Mozilla and the CA/Browser ecosystem? The European scheme of technical standards for CA/TSP developed by ETSI was made and is constantly adopted to integrate CA

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-05 Thread Ryan Sleevi via dev-security-policy
On Thu, Nov 5, 2020 at 7:00 PM Wojtek Porczyk wrote: > On Thu, Nov 05, 2020 at 11:48:20AM -0500, Ryan Sleevi via > dev-security-policy wrote: > > competency is with individuals, not organizations. > > [snip] > > > I find the appeal to redundancy and the NAB, and further, the suggestion > of > > G

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-05 Thread Wojtek Porczyk via dev-security-policy
On Thu, Nov 05, 2020 at 11:48:20AM -0500, Ryan Sleevi via dev-security-policy wrote: > competency is with individuals, not organizations. [snip] > I find the appeal to redundancy and the NAB, and further, the suggestion of > GDPR, to be a bit insulting to this community. This opposition to > tra

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-05 Thread Ryan Sleevi via dev-security-policy
Original Message- > > From: dev-security-policy > On > > Behalf Of Ben Wilson via dev-security-policy > > Sent: Tuesday, November 3, 2020 6:53 PM > > To: Mozilla > > Subject: Policy 2.7.1: MRSP Issue #192: Require information about auditor > > qualif

RE: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-05 Thread Tim Hollebeek via dev-security-policy
alf Of Ben Wilson via dev-security-policy > Sent: Tuesday, November 3, 2020 6:53 PM > To: Mozilla > Subject: Policy 2.7.1: MRSP Issue #192: Require information about auditor > qualifications in the audit report > > Historically, Mozilla Policy required that CAs "provide atte

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-05 Thread Ryan Sleevi via dev-security-policy
> It is proposed in Issue #192 > > <https://github.com/mozilla/pkipolicy/issues/192> that information > about > > individual auditor's qualifications be provided--identity, competence, > > experience and independence. (For those interested as to this > independence >

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-05 Thread Clemens Wanko via dev-security-policy
requires "individuals who have proficiency in > examining Public Key Infrastructure technology, information security tools > and techniques, information technology and security auditing, and the > third-party attestation function," that fact needs evidence in order to be > establ

Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-03 Thread Ben Wilson via dev-security-policy
he third-party attestation function," that fact needs evidence in order to be established. The proposed resolution of this Issue #192 intends to accomplish that. This proposal to require disclosure of individual auditor qualifications is very similar to the approach adopted by the U.S. Federal P

Re: Verifying Auditor Qualifications

2020-10-12 Thread Kathleen Wilson via dev-security-policy
ix, the new accreditation documents will include similar explicit references. Best regards, Nikolaos Soumelidis Thanks for letting me know. I have updated the corresponding auditor qualifications in the CCADB, since ACCREDIA now provides the required

RE: Verifying Auditor Qualifications

2020-10-11 Thread Nikolaos Soumelidis via dev-security-policy
ilar explicit references. Best regards, Nikolaos Soumelidis -Original Message- From: dev-security-policy On Behalf Of Kathleen Wilson via dev-security-policy Sent: Tuesday, September 1, 2020 9:47 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Verifying Auditor Qualifica

Re: Verifying Auditor Qualifications

2020-09-01 Thread Kathleen Wilson via dev-security-policy
On 8/31/20 11:07 AM, Kathleen Wilson wrote: On 8/28/20 3:59 PM, Kathleen Wilson wrote: On 8/26/20 1:41 PM, Kathleen Wilson wrote: The 5 CABs that I haven't been able to complete the Standard Check for are: - Bureau Veritas Italia S.p.A. - NAB is Accredia - CSQA - NAB is Accredia - KIWA - NAB

Re: Verifying Auditor Qualifications

2020-08-31 Thread Kathleen Wilson via dev-security-policy
On 8/28/20 3:59 PM, Kathleen Wilson wrote: On 8/26/20 1:41 PM, Kathleen Wilson wrote: The 5 CABs that I haven't been able to complete the Standard Check for are: - Bureau Veritas Italia S.p.A. - NAB is Accredia - CSQA - NAB is Accredia - KIWA - NAB is Accredia - QMSCERT - NAB is Accredia - QSC

Re: Verifying Auditor Qualifications

2020-08-28 Thread Kathleen Wilson via dev-security-policy
On 8/26/20 1:41 PM, Kathleen Wilson wrote: The 5 CABs that I haven't been able to complete the Standard Check for are: - Bureau Veritas Italia S.p.A. - NAB is Accredia - CSQA - NAB is Accredia - KIWA - NAB is Accredia - QMSCERT - NAB is Accredia - QSCert - NAB is CAI Update: I received email

Re: Verifying Auditor Qualifications

2020-08-26 Thread Kathleen Wilson via dev-security-policy
On 8/26/20 2:01 PM, Nikolaos Soumelidis wrote: I will greatly appreciate it if you can reach out to them again. Please let me know what information you would need. Will definitely do. Probably no other information will be needed by you, but I do appreciate the offer. Thanks! Please note

RE: Verifying Auditor Qualifications

2020-08-26 Thread Nikolaos Soumelidis via dev-security-policy
>> I will greatly appreciate it if you can reach out to them again. Please let me know what information you would need. Will definitely do. Probably no other information will be needed by you, but I do appreciate the offer. >> Note that with the exception of 4 CABs accredited by Accredia and 1 C

Re: Verifying Auditor Qualifications

2020-08-26 Thread Kathleen Wilson via dev-security-policy
dards. If you feel that this is necessary, we can reach out to them again and provide feedback as soon as we get it. I will greatly appreciate it if you can reach out to them again. Please let me know what information you would need. According to the instructions for verifying ETSI au

RE: Verifying Auditor Qualifications

2020-08-26 Thread Nikolaos Soumelidis via dev-security-policy
Verifying Auditor Qualifications On 6/3/20 4:20 PM, Kathleen Wilson wrote: > It recently came to my attention that I need to be more diligent in > verifying auditor qualifications. > > https://wiki.mozilla.org/CA/Audit_Statements#Auditor_Qualifications All, While re-verifying auditor

Re: Verifying Auditor Qualifications

2020-08-26 Thread Kathleen Wilson via dev-security-policy
On 8/26/20 12:29 PM, Ben Wilson wrote: This raises the question of whether NABs typically include ETSI EN 319 401, ETSI EN 319 411-1 and ETSI EN 319 411-2 in such CAB certification records. The answer to that question is yes, the other NABs typically do list that information directly in the

Re: Verifying Auditor Qualifications

2020-08-26 Thread Ben Wilson via dev-security-policy
lists.mozilla.org> wrote: > On 6/3/20 4:20 PM, Kathleen Wilson wrote: > > It recently came to my attention that I need to be more diligent in > > verifying auditor qualifications. > > > > https://wiki.mozilla.org/CA/Audit_Statements#Auditor_Qualifications > > A

Re: Verifying Auditor Qualifications

2020-08-26 Thread Kathleen Wilson via dev-security-policy
On 6/3/20 4:20 PM, Kathleen Wilson wrote: It recently came to my attention that I need to be more diligent in verifying auditor qualifications. https://wiki.mozilla.org/CA/Audit_Statements#Auditor_Qualifications All, While re-verifying auditor qualifications I have run into the following

Re: Verifying Auditor Qualifications

2020-07-20 Thread Ryan Sleevi via dev-security-policy
On Mon, Jul 20, 2020 at 10:27 AM Arvid Vermote via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > ACAB'c is a group of a few eIDAS CABs working together for reasons, they > do not represent all eIDAS CABs neither do they have any recognized or > official function within the

RE: Verifying Auditor Qualifications

2020-07-20 Thread Arvid Vermote via dev-security-policy
cholas Knight via dev-security-policy > Sent: Monday 13 July 2020 15:31 > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Verifying Auditor Qualifications > > It seems exceptionally strange to me that what, from all appearances, is a 4 > year > old advocacy body f

Re: Verifying Auditor Qualifications

2020-07-13 Thread Nicholas Knight via dev-security-policy
It seems exceptionally strange to me that what, from all appearances, is a 4 year old advocacy body for auditors could be considered an authoritative source. ACAB’c does not seem to have done anything at all to acquire the extremely high level of credibility such a source needs. The idea that a

Re: Verifying Auditor Qualifications

2020-07-13 Thread clemens.wanko--- via dev-security-policy
Hi Ryan, thanks for your post. And certainly yes: it’s our first goal to serve the needs of our actual consumers. The browsers belong to those in the front row. We are aware of that as we are aware that there is space for improvement for the council. With regard to your statement to our webpage

Re: Verifying Auditor Qualifications

2020-07-03 Thread Ryan Sleevi via dev-security-policy
On Fri, Jul 3, 2020 at 6:14 AM clemens.wanko--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > All, > on behalf of the Accredited Conformity Assessment Bodies council we would > like to provide the following background information to the guideline > “Verifying ETSI Audit

Re: Verifying Auditor Qualifications

2020-07-03 Thread clemens.wanko--- via dev-security-policy
All, on behalf of the Accredited Conformity Assessment Bodies council we would like to provide the following background information to the guideline “Verifying ETSI Auditor Qualification” as stated here: https://wiki.mozilla.org/CA/Audit_Statements#Verifying_ETSI_Auditor_Qualifications The guid

Re: Verifying Auditor Qualifications

2020-06-25 Thread Kathleen Wilson via dev-security-policy
On 6/24/20 8:48 PM, Ryan Sleevi wrote: On Wed, Jun 24, 2020 at 3:08 PM Kathleen Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: I have updated the following section of the wiki page to incorporate feedback that I received from representatives of ACAB'c. https://

Re: Verifying Auditor Qualifications

2020-06-24 Thread Ryan Sleevi via dev-security-policy
On Wed, Jun 24, 2020 at 3:08 PM Kathleen Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > I have updated the following section of the wiki page to incorporate > feedback that I received from representatives of ACAB'c. > > > https://wiki.mozilla.org/CA/Audit_Statemen

Re: Verifying Auditor Qualifications

2020-06-24 Thread Kathleen Wilson via dev-security-policy
I have updated the following section of the wiki page to incorporate feedback that I received from representatives of ACAB'c. https://wiki.mozilla.org/CA/Audit_Statements#Verifying_ETSI_Auditor_Qualifications I will greatly appreciate it if those of you familiar with ETSI audits will review it

Re: Verifying Auditor Qualifications

2020-06-04 Thread Kathleen Wilson via dev-security-policy
't know as of when an auditor has been licensed and as far as I am aware there is no overview of auditors that did not renew, withdrew or had their license revoked. Having such a list would certainly help CAs in the auditor selection process and better monitoring of auditor qualifications.

RE: Verifying Auditor Qualifications

2020-06-04 Thread Arvid Vermote via dev-security-policy
been licensed and as far as I am aware there is no overview of auditors that did not renew, withdrew or had their license revoked. Having such a list would certainly help CAs in the auditor selection process and better monitoring of auditor qualifications. The Dutch NAB has an excellent invento

Verifying Auditor Qualifications

2020-06-03 Thread Kathleen Wilson via dev-security-policy
All, It recently came to my attention that I need to be more diligent in verifying auditor qualifications. Therefore, we have added a field in the CCADB called “Date Qualifications Verified” (on Auditor Location objects), which will be used to remind root store operators to check each

Re: Auditor Qualifications

2017-06-27 Thread Jakob Bohm via dev-security-policy
On 27/06/2017 06:47, Kathleen Wilson wrote: All, We've added new Auditor objects to the Common CA Database. Previously auditor information was just in text fields, and the same auditor could be represented different ways. Now we will have a master list of auditors that CAs can select from whe

Auditor Qualifications

2017-06-26 Thread Kathleen Wilson via dev-security-policy
All, We've added new Auditor objects to the Common CA Database. Previously auditor information was just in text fields, and the same auditor could be represented different ways. Now we will have a master list of auditors that CAs can select from when entering their Audit Cases to provide their